system restore?

Discussion in 'Windows - Virus and spyware problems' started by joshjy, Nov 30, 2007.

  1. joshjy

    joshjy Regular member

    Joined:
    Dec 23, 2006
    Messages:
    148
    Likes Received:
    0
    Trophy Points:
    26
    hi in a try to remove all these pop us i keep getting i am getting i am going to try and take the computer back a week or so with system restore

    however yesterday purchased mcafee 2008 download version from the internet and instled it and now i am worried that if i do a system restore i will lose mcafee

    i was just womdering if this would be the case?

    thanks in advance josh.
     
    joshjy, Nov 30, 2007
    #1
  2. echoreply

    echoreply Regular member

    Joined:
    Nov 9, 2007
    Messages:
    472
    Likes Received:
    0
    Trophy Points:
    26
    hi,

    its best practice to clean out old restore points after your computer is free of malware, not before. post back if you wish to continue.
     
    echoreply, Nov 30, 2007
    #2
  3. joshjy

    joshjy Regular member

    Joined:
    Dec 23, 2006
    Messages:
    148
    Likes Received:
    0
    Trophy Points:
    26
    yes please help me clean out my computer many thanks
     
    joshjy, Dec 1, 2007
    #3
  4. echoreply

    echoreply Regular member

    Joined:
    Nov 9, 2007
    Messages:
    472
    Likes Received:
    0
    Trophy Points:
    26
    hi,

    ok first post a hjt log for some clues:

    Download HiJackThis log - Trend Micro HijackThis 2.0.2

    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

    * Save HJTInstall.exe to your desktop.
    * Doubleclick on the HJTInstall.exe icon on your desktop.
    * By default it will install to C:\Program Files\Trend Micro\HijackThis .
    * Click on Install.
    * It will create a HijackThis icon on the desktop.
    * Once installed, it will launch Hijackthis.
    * Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    * Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log in next reply.
     
    echoreply, Dec 1, 2007
    #4
  5. joshjy

    joshjy Regular member

    Joined:
    Dec 23, 2006
    Messages:
    148
    Likes Received:
    0
    Trophy Points:
    26
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\KService\KService.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\kdx\KHost.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\WINDOWS\STK02N\STK02NM.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\PhnxCDSvr.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\slrundll.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.elonex.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: The hdtip - {CBF5124B-3294-4441-9B5C-30297F50E02C} - C:\WINDOWS\hdtip.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [StacSysTray] C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe -invisible
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart
    O4 - HKLM\..\Run: [Eval] "C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe"
    O4 - HKLM\..\Run: [Guard] "C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" /background
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
    O4 - HKUS\S-1-5-21-602366771-4105158734-2734167206-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-602366771-4105158734-2734167206-1007\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
    O4 - HKUS\S-1-5-21-602366771-4105158734-2734167206-1009\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'joshua jones-young')
    O4 - HKUS\S-1-5-21-602366771-4105158734-2734167206-1010\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Alexa Jones-young')
    O4 - HKUS\S-1-5-21-602366771-4105158734-2734167206-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Administrator')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: STK02N 2.0 PNP Monitor.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.eXentiasupport.com/
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared...01/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1125909620937
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1144096536671
    O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windo...ggPublisher.exe
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by118fd.bay118.hotmail.msn.com/activex/HMAtchmt.ocx
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: gormet - {4CBBE053-A797-4421-8783-25E8C51A0899} - C:\WINDOWS\gormet.dll
    O21 - SSODL: pmkret - {739689B2-85A1-47E5-8775-ABC322C527EF} - C:\WINDOWS\pmkret.dll
    O23 - Service: McAfee Application Installer Cleanup (0085501196369336) (0085501196369336mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\008550~1.EXE
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Sigmatel PassThru (PassThru) - Unknown owner - C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe
    O23 - Service: Phoenix VCD Service (PhnxVCDService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhnxCDSvr.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe





    thats the log many thanks in advance josh.

     
    joshjy, Dec 2, 2007
    #5
  6. echoreply

    echoreply Regular member

    Joined:
    Nov 9, 2007
    Messages:
    472
    Likes Received:
    0
    Trophy Points:
    26
    hi,

    the top part of your hjt log is missing.

    start HJT, click "Do a system scan only" put a checkmark beside the items below, close all windows and click "fix checked".

    O21 - SSODL: gormet - {4CBBE053-A797-4421-8783-25E8C51A0899} - C:\WINDOWS\gormet.dll

    O21 - SSODL: pmkret - {739689B2-85A1-47E5-8775-ABC322C527EF} - C:\WINDOWS\pmkret.dll
    -----------------------------
    next:
    Download SmitfraudFix (by S!Ri) to your Desktop.

    http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and press Enter
    This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

    echoreply
     
    echoreply, Dec 2, 2007
    #6
  7. joshjy

    joshjy Regular member

    Joined:
    Dec 23, 2006
    Messages:
    148
    Likes Received:
    0
    Trophy Points:
    26
    ok i followed what you said in your following post

    and here is my SmitFraud log

    SmitFraudFix v2.257

    Scan done at 18:33:43.15, 03/12/2007
    Run from C:\Documents and Settings\joshua jones-young.ROBERT\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\KService\KService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\PhnxCDSvr.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\STK02N\STK02NM.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\slrundll.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\NOTEPAD.EXE

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\gormet.dll FOUND !
    C:\WINDOWS\hdtip.dll FOUND !
    C:\WINDOWS\monhop.exe FOUND !
    C:\WINDOWS\pmkret.dll FOUND !
    C:\WINDOWS\privacy_danger FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\joshua jones-young.ROBERT


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\joshua jones-young.ROBERT\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOSHUA~1.ROB\FAVORI~1

    C:\DOCUME~1\JOSHUA~1.ROB\FAVORI~1\Error Cleaner.url FOUND !
    C:\DOCUME~1\JOSHUA~1.ROB\FAVORI~1\Privacy Protector.url FOUND !
    C:\DOCUME~1\JOSHUA~1.ROB\FAVORI~1\Spyware?Malware Protection.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\RichVideoCodec\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "LoadAppInit_DLLs"=dword:00000001


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: USB Cable Modem 351000 - Packet Scheduler Miniport
    DNS Server Search Order: 194.168.4.100
    DNS Server Search Order: 194.168.8.100

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{3412132F-5AD7-4166-A24A-3D45227CFF87}: DhcpNameServer=194.168.4.100 194.168.8.100
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{3412132F-5AD7-4166-A24A-3D45227CFF87}: DhcpNameServer=194.168.4.100 194.168.8.100
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{3412132F-5AD7-4166-A24A-3D45227CFF87}: DhcpNameServer=194.168.4.100 194.168.8.100
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End



    and i wasnt sure if you wanted my hjt log again but here it is anyway

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:38:56, on 03/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\KService\KService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\PhnxCDSvr.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\STK02N\STK02NM.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\slrundll.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.elonex.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: The hdtip - {CBF5124B-3294-4441-9B5C-30297F50E02C} - C:\WINDOWS\hdtip.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [StacSysTray] C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe -invisible
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart
    O4 - HKLM\..\Run: [Eval] "C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe"
    O4 - HKLM\..\Run: [Guard] "C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" /background
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: STK02N 2.0 PNP Monitor.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.eXentiasupport.com/
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125909620937
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144096536671
    O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by118fd.bay118.hotmail.msn.com/activex/HMAtchmt.ocx
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: gormet - {C7844384-38FD-494D-A6ED-6F4BEF5CE788} - C:\WINDOWS\gormet.dll
    O21 - SSODL: pmkret - {E86CF034-76A6-4D8A-805A-3583B4830342} - C:\WINDOWS\pmkret.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Sigmatel PassThru (PassThru) - Unknown owner - C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe
    O23 - Service: Phoenix VCD Service (PhnxVCDService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhnxCDSvr.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 11545 bytes

    it appraently says that them things you told me to remove (WHICH I DID) are still there :S

    anyway i will await your next post before i do anything.


    many thanks for taking the time to help me i really appreciate it ;)
     
    joshjy, Dec 3, 2007
    #7
  8. echoreply

    echoreply Regular member

    Joined:
    Nov 9, 2007
    Messages:
    472
    Likes Received:
    0
    Trophy Points:
    26
    hi,

    ok time to run the 2nd step of smitfraud. but first we will use hjt again, then boot into safe mode to run the 2nd step (clean) of the smitfraud fix.

    first hjt:

    O3 - Toolbar: The hdtip - {CBF5124B-3294-4441-9B5C-30297F50E02C} - C:\WINDOWS\hdtip.dll

    O21 - SSODL: gormet - {4CBBE053-A797-4421-8783-25E8C51A0899} - C:\WINDOWS\gormet.dll

    O21 - SSODL: pmkret - {739689B2-85A1-47E5-8775-ABC322C527EF} - C:\WINDOWS\pmkret.dll
    -----------------------------
    now boot computer into safe mode to run smitfraud. to reach safe mode you would tap the f8 key during a computer restart. chose the first option from the list; SAFE MODE.
    ok once at the safe mode desktop start smitfraudfix like before except this time chose option 2 (clean)

    Wait for the tool to complete and disk cleanup to finish.
    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with a new hjt log in next reply.

    echoreply
     
    echoreply, Dec 3, 2007
    #8
  9. joshjy

    joshjy Regular member

    Joined:
    Dec 23, 2006
    Messages:
    148
    Likes Received:
    0
    Trophy Points:
    26
    i am completely in your debt dude youve fixed my computer for me


    heres that last log you wanted but i think its all gone know and im soo happy its been driving me mad for days.

    SmitFraudFix v2.257

    Scan done at 17:43:02.10, 04/12/2007
    Run from C:\Documents and Settings\joshua jones-young.ROBERT\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\gormet.dll Deleted
    Deleting [HKEY_CLASSES_ROOT\CLSID\{F65221E9-83E9-409F-8D99-FEE7211A982F}]
    C:\WINDOWS\hdtip.dll Deleted
    C:\WINDOWS\monhop.exe Deleted
    C:\WINDOWS\pmkret.dll Deleted
    pmkret not found.
    C:\WINDOWS\privacy_danger\ Deleted
    C:\DOCUME~1\JOSHUA~1.ROB\Desktop\Error Cleaner.url Deleted
    C:\Program Files\RichVideoCodec\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{3412132F-5AD7-4166-A24A-3D45227CFF87}: DhcpNameServer=194.168.4.100 194.168.8.100
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{3412132F-5AD7-4166-A24A-3D45227CFF87}: DhcpNameServer=194.168.4.100 194.168.8.100
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{3412132F-5AD7-4166-A24A-3D45227CFF87}: DhcpNameServer=194.168.4.100 194.168.8.100
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End


    the world needs more people like you.

    once again many thanks.

    josh.
     
    joshjy, Dec 4, 2007
    #9

Share This Page